Group-IB has posted a blog discussing its research into W3LL, a mature, phishing-focused threat actor that has developed and is selling a phishing kit capable of bypassing MFA.
Group-IB’s researchers have observed W3LL’s underground store, which has over 500 active users who can buy 16 regularly updated custom tools that cover all steps of a BEC attack. W3LL tools are largely used to target victims in the United States, Australia, and the UK, with the most targeted industries being manufacturing, IT, and financial services. The report provides a description of all the tools on offer, as well as how they might be used in an example attack. Read more at Group-IB.